Shodan
Vulnerabilities
Vulnerable Software
Jenkins:  >> Email Extension  >> 2.62  Security Vulnerabilities
CVE-2023-32979
Jenkins Email Extension Plugin does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of files in the email-templates/ directory in the Jenkins home directory on the controller file system.
CVSS Score
4.3
EPSS Score
0.001
Published
2023-05-16
CVE-2023-32980
A cross-site request forgery (CSRF) vulnerability in Jenkins Email Extension Plugin allows attackers to make another user stop watching an attacker-specified job.
CVSS Score
4.3
EPSS Score
0.002
Published
2023-05-16
CVE-2023-25763
Jenkins Email Extension Plugin 2.93 and earlier does not escape various fields included in bundled email templates, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control affected fields.
CVSS Score
5.4
EPSS Score
0.047
Published
2023-02-15
CVE-2023-25764
Jenkins Email Extension Plugin 2.93 and earlier does not escape, sanitize, or sandbox rendered email template output or log output generated during template rendering, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to create or change custom email templates.
CVSS Score
5.4
EPSS Score
0.047
Published
2023-02-15
CVE-2023-25765
In Jenkins Email Extension Plugin 2.93 and earlier, templates defined inside a folder were not subject to Script Security protection, allowing attackers able to define email templates in folders to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM.
CVSS Score
9.9
EPSS Score
0.0
Published
2023-02-15
CVE-2020-2253
Jenkins Email Extension Plugin 2.75 and earlier does not perform hostname validation when connecting to the configured SMTP server.
CVSS Score
4.8
EPSS Score
0.0
Published
2020-09-16
CVE-2019-1003032
A sandbox bypass vulnerability exists in Jenkins Email Extension Plugin 2.64 and earlier in pom.xml, src/main/java/hudson/plugins/emailext/ExtendedEmailPublisher.java, src/main/java/hudson/plugins/emailext/plugins/content/EmailExtScript.java, src/main/java/hudson/plugins/emailext/plugins/content/ScriptContent.java, src/main/java/hudson/plugins/emailext/plugins/trigger/AbstractScriptTrigger.java that allows attackers with Job/Configure permission to execute arbitrary code on the Jenkins master JVM.
CVSS Score
9.9
EPSS Score
0.003
Published
2019-03-08


Products
Pricing
Contact Us

Shodan ® - All rights reserved